Copy nginx certificates to apache

west · October 12, 2020, 9:23pm

I've installed a docker container (linuxserver/swag) to handle letsencrypt certs and reverse proxy to all my other http containers. It's been working well. But my nextcloud/apache container cannot be proxied correctly--always showing "502 bad gateway" no matter how I played with the rewrite rules.

So, I'm going to mount the nginx volume and reference the 2 cert/key files directly in the apache site config:

SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem

But the problem is there's no equivalent apache ssl options config in the swag/nginx container. Is there a tool for converting the nginx ssl options to options-ssl-apache.conf? I see certbot generates seemingly different ssl options:

ssl.conf generated by swag docker image:

ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDS
A-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:EC
DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

ssl_stapling on;
ssl_stapling_verify on;

ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
ssl_trusted_certificate /config/keys/letsencrypt/fullchain.pem;

ssl_dhparam /config/nginx/dhparams.pem;

resolver 127.0.0.11 valid=30s; # Docker DNS Server

ssl_early_data on;

My previous non-container apache options:

SSLEngine on

SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLCompression off

SSLOptions +StrictRequire

LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"" vhost_combined
LogFormat "%v %h %l %u %t "%r" %>s %b" vhost_common

_az · October 12, 2020, 9:42pm

I think the nearest thing is probably to use https://ssl-config.mozilla.org for your Apache SSL configuration.

It isn't a converter per-se, but it provides (as close as is possible) an identical configuration across all available servers.

system · November 11, 2020, 9:42pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Need help with requesting Certificat for Apache reverse Proxy Help	7	1002	February 22, 2023
Ejabberd / Swag(Nginx) / LetsEncrypt Help	6	365	June 16, 2024
Help with server with apache and multiple Docker containers using nginx Server	2	2930	January 27, 2017
Nginx ssl config without changing virtualhost config Help	5	733	July 9, 2020
Dockerized infrasctructure suddenly cannot renew the certificate Help	18	680	May 13, 2023

Copy nginx certificates to apache

Related topics